Autocreated on ticket submission - Quert Builder

Hi Alll,

I have a problem that has shown up over the last week. It looks as if
every single person who has ever submitted a ticket request has had a
user autocreated. These users now how up in query builder when we try
and do a search on the owner. Selecting the owner shows every single
email address of every person who has ever submitted a support request.

Any ideas how to prevent this from happening?

RT 3.8.0

Thanks in advance

bashir jahed
nha | enhance

5 protea road | claremont | 7708
po box 24 | newlands | 7725

telephone +27 (21) 657-2574

mobile +27 (83) 414-0453

facsimile +27 (21) 657-2575

e-mail | messenger bashir.jahed@nha.co.za
mailto:bashir.jahed@nha.co.za

this message is subject to the disclaimer at
www.nha.co.za/disclaimer.asp http://www.nha.co.za/disclaimer.asp or
disclaimer@nha.co.za
mailto:disclaimer@nha.co.za?subject=request%20disclaimer

Bashir,

You need to fix your permissions. Somewhere you are letting every
address own a ticket. That is what determines what shows up in the
pull-down. Happy hunting.

KenOn Thu, Feb 19, 2009 at 04:16:07PM +0200, Bashir Jahed wrote:

Hi Alll,

I have a problem that has shown up over the last week. It looks as if
every single person who has ever submitted a ticket request has had a
user autocreated. These users now how up in query builder when we try
and do a search on the owner. Selecting the owner shows every single
email address of every person who has ever submitted a support request.

Any ideas how to prevent this from happening?

RT 3.8.0

Thanks in advance


bashir jahed
nha | enhance

5 protea road | claremont | 7708
po box 24 | newlands | 7725

telephone +27 (21) 657-2574

mobile +27 (83) 414-0453

facsimile +27 (21) 657-2575

e-mail | messenger bashir.jahed@nha.co.za
mailto:bashir.jahed@nha.co.za


this message is subject to the disclaimer at
www.nha.co.za/disclaimer.asp http://www.nha.co.za/disclaimer.asp or
disclaimer@nha.co.za
mailto:disclaimer@nha.co.za?subject=request%20disclaimer


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Man how did this happen, all user have ticked “Allow user to access RT”

I am assuming this is the permission problem. Problem is how do i
disable this…Thousands of email addresses…From: Kenneth Marshall [mailto:ktm@rice.edu]
Sent: 19 February 2009 04:18 PM
To: Bashir Jahed
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Autocreated on ticket submission - Quert Builder

Bashir,

You need to fix your permissions. Somewhere you are letting every
address own a ticket. That is what determines what shows up in the
pull-down. Happy hunting.

Ken

Hi Alll,

I have a problem that has shown up over the last week. It looks as if
every single person who has ever submitted a ticket request has had a
user autocreated. These users now how up in query builder when we try
and do a search on the owner. Selecting the owner shows every single
email address of every person who has ever submitted a support
request.

Any ideas how to prevent this from happening?

RT 3.8.0

Thanks in advance


bashir jahed
nha | enhance

5 protea road | claremont | 7708
po box 24 | newlands | 7725

telephone +27 (21) 657-2574

mobile +27 (83) 414-0453

facsimile +27 (21) 657-2575

e-mail | messenger bashir.jahed@nha.co.za
mailto:bashir.jahed@nha.co.za


this message is subject to the disclaimer at
www.nha.co.za/disclaimer.asp http://www.nha.co.za/disclaimer.asp or
disclaimer@nha.co.za
mailto:disclaimer@nha.co.za?subject=request%20disclaimer


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Bashir Jahed wrote:

Man how did this happen, all user have ticked “Allow user to access RT”

I am assuming this is the permission problem. Problem is how do i
disable this…Thousands of email addresses…

I think you’re misunderstanding how the system works.

In order to raise a ticket, the ticket must have a requestor. If the
requestor doesn’t exist as a user, the ticket can’t be created. If you
want someone to be able to create a ticket by email, it must auto-create
an account for them based on the e-mail address.

What you’re seeing is normal behaviour. It would only be a problem if
they were all being granted privileged user status (the checkbox for let
this user be granted rights). In that case, then they would all show up
in a user-selection combo box.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com

I have done the following:

Checked for a specific user in the search box as owner to confirm it
shows up. Then went into the specific user and unchecked “/users/Access
Control/Let this user access RT” checkbox and confirmed that the user no
longer shows up in the search box in the “Owner Field”

They never used to show up and cannot race if anything has happened over
the last week. Was on Leave and this was discovered while I was a way
and nobody is claiming any responsibility…

So there is now way for me to find out what happened…From: Mike Peachey [mailto:mike.peachey@jennic.com]
Sent: 19 February 2009 04:31 PM
To: Bashir Jahed
Cc: Kenneth Marshall; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Autocreated on ticket submission - Quert Builder

Bashir Jahed wrote:

Man how did this happen, all user have ticked “Allow user to access
RT”

I am assuming this is the permission problem. Problem is how do i
disable this…Thousands of email addresses…

I think you’re misunderstanding how the system works.

In order to raise a ticket, the ticket must have a requestor. If the
requestor doesn’t exist as a user, the ticket can’t be created. If you
want someone to be able to create a ticket by email, it must auto-create
an account for them based on the e-mail address.

What you’re seeing is normal behaviour. It would only be a problem if
they were all being granted privileged user status (the checkbox for let
this user be granted rights). In that case, then they would all show up
in a user-selection combo box.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com

Bashir Jahed wrote:

I have done the following:

Checked for a specific user in the search box as owner to confirm it
shows up. Then went into the specific user and unchecked “/users/Access
Control/Let this user access RT” checkbox and confirmed that the user no
longer shows up in the search box in the “Owner Field”

Because that user is now disabled and is unable to raise tickets from
that e-mail address…

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com

Bashir,

What Mike was telling you is that if the "BOTTOM" box is checked for a 

user, they can have privileges. This means that if you grant the
"OwnTicket" right globally to Privileged users, then all these
requestors that send in tickets via email will have the right to OWN a
ticket, hence they appear on the drop-down. So, you can do a couple
different things to resolve this.
1) Uncheck the bottom box on these Users. This could turn out to be a
long, ongoing process unless you can set your RT_SiteConfig.pm file to
allow them to become unprivileged users only (Top box checked ONLY). I’m
not sure what that setting is, perhaps Mike knows.
2) Remove the Global settings for “OwnTicket” and perhaps others like
"TakeTicket", “StealTIcket”, “DeleteTicket”, etc. from Privileged Users
or “Everyone” and grant those rights to groups of users. That way
privileges are more defined in who can do what and your queries will run
MUCH faster as well.
Hopes this helps.

Kenn
LBNLOn 2/19/2009 6:37 AM, Mike Peachey wrote:

Bashir Jahed wrote:

I have done the following:

Checked for a specific user in the search box as owner to confirm it
shows up. Then went into the specific user and unchecked “/users/Access
Control/Let this user access RT” checkbox and confirmed that the user no
longer shows up in the search box in the “Owner Field”

Because that user is now disabled and is unable to raise tickets from
that e-mail address…

I have just removed all privileges for the “Everyone” group and the
"Privileged" group has no rights assigned but still no luck.

Really baffled by this one.From: Kenneth Crocker [mailto:KFCrocker@lbl.gov]
Sent: 19 February 2009 07:57 PM
To: Bashir Jahed
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Autocreated on ticket submission - Quert Builder

Bashir,

What Mike was telling you is that if the "BOTTOM" box is checked

for a
user, they can have privileges. This means that if you grant the
"OwnTicket" right globally to Privileged users, then all these
requestors that send in tickets via email will have the right to OWN a
ticket, hence they appear on the drop-down. So, you can do a couple
different things to resolve this.
1) Uncheck the bottom box on these Users. This could turn out to
be a
long, ongoing process unless you can set your RT_SiteConfig.pm file to
allow them to become unprivileged users only (Top box checked ONLY). I’m

not sure what that setting is, perhaps Mike knows.
2) Remove the Global settings for “OwnTicket” and perhaps others
like
"TakeTicket", “StealTIcket”, “DeleteTicket”, etc. from Privileged Users

or “Everyone” and grant those rights to groups of users. That way
privileges are more defined in who can do what and your queries will run

MUCH faster as well.
Hopes this helps.

Kenn
LBNL

Bashir Jahed wrote:

I have done the following:

Checked for a specific user in the search box as owner to confirm it
shows up. Then went into the specific user and unchecked
"/users/Access

Control/Let this user access RT" checkbox and confirmed that the user
no

longer shows up in the search box in the “Owner Field”

Because that user is now disabled and is unable to raise tickets from
that e-mail address…

Point 2) That is the way it is defined. The “everyone” group is only
allowed the “Comment, Create and Reply” as we auto create tickets. No
user is given any direct Rights. All rights are queue specific and is
assigned to groups.

Point 1) there is now way I can go though 100 000 non privileged
accounts and uncheck hte “Allow user to Access RT” Box.

Please help, is there any way to add it to the RT_SiteConfig" file and
rerun it to disable the “allow user to access RT” flag?

BashFrom: Kenneth Crocker [mailto:KFCrocker@lbl.gov]
Sent: 19 February 2009 07:57 PM
To: Bashir Jahed
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Autocreated on ticket submission - Quert Builder

Bashir,

What Mike was telling you is that if the "BOTTOM" box is checked

for a
user, they can have privileges. This means that if you grant the
"OwnTicket" right globally to Privileged users, then all these
requestors that send in tickets via email will have the right to OWN a
ticket, hence they appear on the drop-down. So, you can do a couple
different things to resolve this.
1) Uncheck the bottom box on these Users. This could turn out to
be a
long, ongoing process unless you can set your RT_SiteConfig.pm file to
allow them to become unprivileged users only (Top box checked ONLY). I’m

not sure what that setting is, perhaps Mike knows.
2) Remove the Global settings for “OwnTicket” and perhaps others
like
"TakeTicket", “StealTIcket”, “DeleteTicket”, etc. from Privileged Users

or “Everyone” and grant those rights to groups of users. That way
privileges are more defined in who can do what and your queries will run

MUCH faster as well.
Hopes this helps.

Kenn
LBNL

Bashir Jahed wrote:

I have done the following:

Checked for a specific user in the search box as owner to confirm it
shows up. Then went into the specific user and unchecked
"/users/Access

Control/Let this user access RT" checkbox and confirmed that the user
no

longer shows up in the search box in the “Owner Field”

Because that user is now disabled and is unable to raise tickets from
that e-mail address…

My understanding is that if you do this, that user will not be able to
email issues into your RT instance. Is that what you want? If users
are showing up in the owner box on the query page, they are getting
"OwnTicket" from somewhere.

RTx::RightsMatrix would be very helpful for tracking this down.

Bashir Jahed wrote:

Point 2) That is the way it is defined. The “everyone” group is only
allowed the “Comment, Create and Reply” as we auto create tickets. No
user is given any direct Rights. All rights are queue specific and is
assigned to groups.

Point 1) there is now way I can go though 100 000 non privileged
accounts and uncheck hte “Allow user to Access RT” Box.

Please help, is there any way to add it to the RT_SiteConfig" file and
rerun it to disable the “allow user to access RT” flag?

Bash
-----Original Message-----
From: Kenneth Crocker [mailto:KFCrocker@lbl.gov]
Sent: 19 February 2009 07:57 PM
To: Bashir Jahed
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Autocreated on ticket submission - Quert Builder

Bashir,

What Mike was telling you is that if the “BOTTOM” box is checked
for a
user, they can have privileges. This means that if you grant the
"OwnTicket" right globally to Privileged users, then all these
requestors that send in tickets via email will have the right to OWN a
ticket, hence they appear on the drop-down. So, you can do a couple
different things to resolve this.

  1. Uncheck the bottom box on these Users. This could turn out to
    be a
    long, ongoing process unless you can set your RT_SiteConfig.pm file to
    allow them to become unprivileged users only (Top box checked ONLY). I’m

not sure what that setting is, perhaps Mike knows.
2) Remove the Global settings for “OwnTicket” and perhaps others
like
"TakeTicket", “StealTIcket”, “DeleteTicket”, etc. from Privileged Users

or “Everyone” and grant those rights to groups of users. That way
privileges are more defined in who can do what and your queries will run

MUCH faster as well.
Hopes this helps.

Kenn
LBNL

Bashir Jahed wrote:

I have done the following:

Checked for a specific user in the search box as owner to confirm it
shows up. Then went into the specific user and unchecked

"/users/Access

Control/Let this user access RT" checkbox and confirmed that the user

no

longer shows up in the search box in the “Owner Field”

Because that user is now disabled and is unable to raise tickets from
that e-mail address…


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Drew Barnes
Applications Analyst
Network Resources Department
Raymond Walters College
University of Cincinnati

Managed to fix it…

Service desk created a new Queue and assigned all rights to the
"Everyone" group for that queue…

Rights flowed down and hence they were given the incorrect rights…From: Drew Barnes [mailto:barnesaw@ucrwcu.rwc.uc.edu]
Sent: 20 February 2009 03:50 PM
To: Bashir Jahed
Cc: Kenneth Crocker; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Autocreated on ticket submission - Quert Builder

My understanding is that if you do this, that user will not be able to
email issues into your RT instance. Is that what you want? If users
are showing up in the owner box on the query page, they are getting
"OwnTicket" from somewhere.

RTx::RightsMatrix would be very helpful for tracking this down.

Bashir Jahed wrote:

Point 2) That is the way it is defined. The “everyone” group is only
allowed the “Comment, Create and Reply” as we auto create tickets. No
user is given any direct Rights. All rights are queue specific and is
assigned to groups.

Point 1) there is now way I can go though 100 000 non privileged
accounts and uncheck hte “Allow user to Access RT” Box.

Please help, is there any way to add it to the RT_SiteConfig" file and
rerun it to disable the “allow user to access RT” flag?

Bash
-----Original Message-----
From: Kenneth Crocker [mailto:KFCrocker@lbl.gov]
Sent: 19 February 2009 07:57 PM
To: Bashir Jahed
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Autocreated on ticket submission - Quert
Builder

Bashir,

What Mike was telling you is that if the “BOTTOM” box is checked
for a
user, they can have privileges. This means that if you grant the
"OwnTicket" right globally to Privileged users, then all these
requestors that send in tickets via email will have the right to OWN a

ticket, hence they appear on the drop-down. So, you can do a couple
different things to resolve this.

  1. Uncheck the bottom box on these Users. This could turn out to
    be a
    long, ongoing process unless you can set your RT_SiteConfig.pm file to

allow them to become unprivileged users only (Top box checked ONLY).
I’m

not sure what that setting is, perhaps Mike knows.
2) Remove the Global settings for “OwnTicket” and perhaps others
like
"TakeTicket", “StealTIcket”, “DeleteTicket”, etc. from Privileged
Users

or “Everyone” and grant those rights to groups of users. That way
privileges are more defined in who can do what and your queries will
run

MUCH faster as well.
Hopes this helps.

Kenn
LBNL

Bashir Jahed wrote:

I have done the following:

Checked for a specific user in the search box as owner to confirm it
shows up. Then went into the specific user and unchecked

"/users/Access

Control/Let this user access RT" checkbox and confirmed that the
user

no

longer shows up in the search box in the “Owner Field”

Because that user is now disabled and is unable to raise tickets from
that e-mail address…


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Drew Barnes
Applications Analyst
Network Resources Department
Raymond Walters College
University of Cincinnati